There is a range of new features and architectural changes in Windows Vista (and Server 2008) that help reduce the risk of using excessive privilege, though you’re still better off logging in as a non-privileged user where possible. If you log in with an administrator-privileged account then you run the risk that your system will be compromised as you browse the web. Any malicious software you accidentally trigger will run in the same context as you. If you are logged in with administrative privileges then so is the malware.
Two features which are often misunderstood are explained below:
Mandatory Integrity Control is a feature of Windows Vista that enables software developers to limit the level of privilege that their software can operate at. Internet Explorer’s “Protected Mode” takes advantage of this feature to run the browser at a lower level of privilege than the guest account – this is the case even if you are logged in as administrator. You are still better off browsing as a non-privileged account, but it’s a helpful feature. Steve Riley (MSFT Senior Product Manager) commented that Mandatory Integrity Control was one of his favourite features of Windows Vista.
User Account Control (UAC) is another feature of Windows Vista (Server 2008) that is intended to make users aware when privilege is being used and to encourage software developers to require privileged operations only where absolutely necessary. Mark Russinovich (Microsoft fellow – most senior technical expert) published an interesting article for TechNet magazine titled Inside User Account Control. He followed it up with an incredibly detailed (yet readable) post titled User Account Control and Security Boundaries. Essentially UAC doesn’t provide a security boundary – once again you are better off logging in with less privilege.
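The two features above can be checked directly rather than taken on trust. The PowerShell script below is an added example, not code from the original post or from Microsoft: it reads the integrity label from a process token (the Mandatory Integrity Control level that Protected Mode relies on), tells you whether your current session token is actually elevated (the UAC split-token behaviour Russinovich describes), and reads the UAC policy values from the registry. It assumes PowerShell on Windows Vista or later; the function names `Get-ProcessIntegrityLevel`, `Test-Elevated` and `Get-UacState` and the helper class `TokenQuery` are my own, while the Win32 calls, the `TokenIntegrityLevel` class and the `EnableLUA` / `ConsentPromptBehaviorAdmin` registry values are the documented ones.

```powershell
# Added example (not from the original post). Win32 P/Invoke to read a process token's
# integrity label; PROCESS_QUERY_LIMITED_INFORMATION exists from Vista onwards.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class TokenQuery
{
    [StructLayout(LayoutKind.Sequential)] struct SID_AND_ATTRIBUTES { public IntPtr Sid; public uint Attributes; }
    [StructLayout(LayoutKind.Sequential)] struct TOKEN_MANDATORY_LABEL { public SID_AND_ATTRIBUTES Label; }
    const uint PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;
    const uint TOKEN_QUERY = 0x0008;
    const int TokenIntegrityLevel = 25;   // TOKEN_INFORMATION_CLASS value
    [DllImport("kernel32.dll", SetLastError = true)] static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool GetTokenInformation(IntPtr token, int cls, IntPtr info, uint len, out uint needed);
    [DllImport("advapi32.dll")] static extern IntPtr GetSidSubAuthority(IntPtr sid, uint index);
    [DllImport("advapi32.dll")] static extern IntPtr GetSidSubAuthorityCount(IntPtr sid);
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h);

    // Returns the RID of the label SID S-1-16-<rid> (the integrity level), or -1 on failure.
    public static int GetIntegrityRid(int pid)
    {
        IntPtr proc = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid);
        if (proc == IntPtr.Zero) return -1;
        IntPtr token;
        if (!OpenProcessToken(proc, TOKEN_QUERY, out token)) { CloseHandle(proc); return -1; }
        uint needed;
        GetTokenInformation(token, TokenIntegrityLevel, IntPtr.Zero, 0, out needed);   // size query
        IntPtr buf = Marshal.AllocHGlobal((int)needed);
        int rid = -1;
        try
        {
            if (GetTokenInformation(token, TokenIntegrityLevel, buf, needed, out needed))
            {
                TOKEN_MANDATORY_LABEL label = (TOKEN_MANDATORY_LABEL)Marshal.PtrToStructure(buf, typeof(TOKEN_MANDATORY_LABEL));
                byte count = Marshal.ReadByte(GetSidSubAuthorityCount(label.Label.Sid));
                rid = Marshal.ReadInt32(GetSidSubAuthority(label.Label.Sid, (uint)(count - 1)));
            }
        }
        finally { Marshal.FreeHGlobal(buf); CloseHandle(token); CloseHandle(proc); }
        return rid;
    }
}
"@

function Get-ProcessIntegrityLevel {
    # Maps the label RID to the well-known Mandatory Integrity Control level names.
    param([Parameter(Mandatory)][int]$ProcessId)
    $rid = [TokenQuery]::GetIntegrityRid($ProcessId)
    $name = switch ($rid) {
        -1      { 'unknown (access denied or no such process)' }
        0x0000  { 'Untrusted' }
        0x1000  { 'Low' }      # where IE Protected Mode content runs, even for an admin logon
        0x2000  { 'Medium' }   # standard user, and the UAC-filtered token of an administrator
        0x3000  { 'High' }     # elevated administrator
        0x4000  { 'System' }
        default { 'Other (0x{0:X})' -f $rid }
    }
    [pscustomobject]@{ ProcessId = $ProcessId; IntegrityRid = $rid; IntegrityLevel = $name }
}

function Test-Elevated {
    # With UAC on, an administrator's normal session uses a filtered token in which the
    # Administrators group is deny-only, so this returns $false until you actually elevate.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-UacState {
    # EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0 auto-elevates without any prompt.
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    [pscustomobject]@{
        UacEnabled                 = ($p.EnableLUA -eq 1)
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
    }
}

# Usage: check UAC policy, whether this shell is elevated, and the label on this shell
# and on every running Internet Explorer process.
Get-UacState
Test-Elevated
Get-ProcessIntegrityLevel -ProcessId $PID
Get-Process -Name iexplore -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ProcessIntegrityLevel -ProcessId $_.Id }
```

Run it once from a normal prompt and once from an elevated one: the shell's own label should move from Medium to High and `Test-Elevated` from `$false` to `$true`, while a Protected Mode browser process keeps reporting Low regardless of how you logged in. If `Get-UacState` shows `UacEnabled` false or `ConsentPromptBehaviorAdmin` 0, the prompt described in the post is not there to warn you at all.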